From mboxrd@z Thu Jan 1 00:00:00 1970 From: "curby ." Subject: Re: SSH Brute Force not working (any longer) Date: Wed, 27 Jul 2005 16:50:23 -0600 Message-ID: <5d2f379105072715502f71e9b4@mail.gmail.com> References: <5d2f37910507270936737ad3d1@mail.gmail.com> <003601c592df$9f92fda0$4206a8c0@loki> Reply-To: "curby ." Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Return-path: In-Reply-To: <003601c592df$9f92fda0$4206a8c0@loki> Content-Disposition: inline List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: netfilter-bounces@lists.netfilter.org Errors-To: netfilter-bounces@lists.netfilter.org Content-Type: text/plain; charset="us-ascii" To: Marius Mertens Cc: Netfilter User Mailing List On 7/27/05, Nagy Zoltan wrote: > i've read 1-3 the files, i think your problem is a skip of the "update" (= my english is really bad ;) > because your --update lines have other condition like:seconds and rate > the attacking machine when it begins to send those packets, recent knows = nothing about him, it will be enlist with a --set match > and then you don't update it's record with a single --update, so it can't= reach the hitcount :) 2 and 3 have --set during the rule in the INPUT chain that jumps to the custom chain. On 7/27/05, Marius Mertens wrote: > problem. The only positive about it: I finally gave up debugging it, and = as > silently as it came, the problem disappeared. Everything is working fine > again. With a still unchanged ruleset of course ;-) If this is not the result of something dumb we're doing, there's probably a bug that should be squirreled out. Intermittent problems in security software are bad. Still, iptables has been so stable that I'm thinking it's likely my fault. =3DP I'll keep poking at it when I have a moment.